Merge "Keystone fernet keys location with correct permisions and dependencies"
diff --git a/keystone/server.sls b/keystone/server.sls
index e44e959..60a9d1f 100644
--- a/keystone/server.sls
+++ b/keystone/server.sls
@@ -136,9 +136,10 @@
{% if server.tokens.engine == 'fernet' %}
-/etc/keystone/fernet-keys:
+keystone_fernet_keys:
file.directory:
- - mode: 755
+ - name: {{ server.tokens.location }}
+ - mode: 750
- user: keystone
- group: keystone
- require:
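Review bot: `- name: {{ server.tokens.location }}` has no fallback, so a pillar that enables fernet without setting `tokens.location` will render an empty name or fail, where the old state worked from the hard-coded path. Unless a default is defined in the formula's map file (not visible here), consider `- name: {{ server.tokens.location | default('/etc/keystone/fernet-keys') }}`. Separately, `mode: 750` still gives the keystone group read and traverse access to the directory holding the token-signing keys. If no other account needs that access, `- mode: '0700'` is the tighter choice, quoted so the YAML loader does not retype the value. The state's require list continues past the end of the hunk.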
@@ -151,6 +152,7 @@
- name: keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
- require:
- service: keystone_service
+ - file: keystone_fernet_keys
{% endif %}
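Review bot: The `keystone-manage fernet_setup` command is not told where the key repository is, so it writes keys wherever keystone.conf points rather than to `server.tokens.location`; the added `- file: keystone_fernet_keys` requirement only orders the directory creation. If the keystone.conf template does not already set `key_repository` under `[fernet_tokens]` from the same pillar value (the template is not part of this diff), a non-default location leaves the managed directory empty. The keys would then sit in a directory whose ownership and mode this state does not control. The cmd state begins above the hunk.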
diff --git a/tests/pillar/single_fernet.sls b/tests/pillar/single_fernet.sls
index e72c412..15f61f3 100644
--- a/tests/pillar/single_fernet.sls
+++ b/tests/pillar/single_fernet.sls
@@ -24,8 +24,9 @@
tokens:
engine: fernet
expiration: 86400
+ location: /etc/keystone/fernet-keys/
cache:
engine: memcached
members:
- host: localhost
- port: 11211
\ No newline at end of file
+ port: 11211